<?php
include '../m/ajax_constants.php';
session_start();
$conf->debug=false;
	
	$password = md5($_POST['user_password']);
	$np1 = $_POST['new-pass'];
	$np2 = $_POST['new-pass2'];
	$id = $_SESSION['user_id'];
	
	if($np1 == $np2 && $np1!=""){
		$w[0]='user_password';
		$w[1]=$password;
		$w[2]='=';
		$where[0]=$w;
		
		$w[0]='user_id';
		$w[1]=$_SESSION['user_id'];
		$w[2]='=';
		$where[1]=$w;
		
		$data=get_sql('user','user_id',$where,NULL);
		if(empty($data))
		{
			$retval['text'] = "invalid current password";
		}
		else
		{
			$np1 = md5($np1);
			$sql = "update user set user_password ='$np1' where user_id=$id";
			if(mysql_query($sql)){
				$retval['text'] = "password successfully changed";
			}
			else
			{
				$retval['text'] = mysql_error();
			}			
		}
	}	
	else
	{
			$retval['text'] = "new passwords must match";
	}
	echo json_encode($retval);
?>